package com.lzf.controller;

import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HellorController {



    @RequestMapping("/hello")
    public String sayHello() {
        return "无权限可访问";
    }

    //方法角色认证
    @PreAuthorize("hasAnyRole('admin','normal')")
    @RequestMapping("/normal")
    public String adminOrNormal() {
        return "admin+normal=>有这两个其中一个权限";
    }

    @PreAuthorize("hasRole('admin')")
    @RequestMapping("/admin")
    public String normal() {
        return "admin=>一个权限";
    }
}
